[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 32.730189] random: sshd: uninitialized urandom read (32 bytes read)

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login:
[ 36.796611] random: sshd: uninitialized urandom read (32 bytes read)
[ 37.061426] random: sshd: uninitialized urandom read (32 bytes read)
[ 38.369886] random: sshd: uninitialized urandom read (32 bytes read)
[ 41.257491] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.47' (ECDSA) to the list of known hosts.
[ 46.818251] random: sshd: uninitialized urandom read (32 bytes read)
[ 46.938896] IPVS: ftp: loaded support on port[0] = 21
[ 47.116940] ip (4561) used greatest stack depth: 54056 bytes left
[ 47.133414] bridge0: port 1(bridge_slave_0) entered blocking state
[ 47.139846] bridge0: port 1(bridge_slave_0) entered disabled state
[ 47.147388] device bridge_slave_0 entered promiscuous mode
[ 47.171075] bridge0: port 2(bridge_slave_1) entered blocking state
[ 47.177495] bridge0: port 2(bridge_slave_1) entered disabled state
[ 47.185200] device bridge_slave_1 entered promiscuous mode
[ 47.208237] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 47.231837] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 47.297533] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 47.323754] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 47.424854] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 47.432457] team0: Port device team_slave_0 added
[ 47.455622] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 47.462923] team0: Port device team_slave_1 added
[ 47.486272] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 47.512659] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 47.538587] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 47.565196] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
RTNETLINK answers: Operation not supported
RTNETLINK answers: No buffer space available
RTNETLINK answers: Operation not supported
[ 47.782935] bridge0: port 2(bridge_slave_1) entered blocking state
[ 47.789390] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 47.796193] bridge0: port 1(bridge_slave_0) entered blocking state
[ 47.802618] bridge0: port 1(bridge_slave_0) entered forwarding state
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
[ 48.564966] 8021q: adding VLAN 0 to HW filter on device bond0
[ 48.639888] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 48.713984] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 48.720344] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 48.728867] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 48.800329] 8021q: adding VLAN 0 to HW filter on device team0
executing program
[ 49.262710] ==================================================================
[ 49.270125] BUG: KMSAN: kernel-infoleak in copy_from_read_buf+0x311/0x890
[ 49.277061] CPU: 1 PID: 4785 Comm: syz-executor056 Not tainted 4.17.0+ #22
[ 49.284053] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 49.293396] Call Trace:
[ 49.296014] dump_stack+0x185/0x1d0
[ 49.299643] kmsan_report+0x188/0x2a0
[ 49.303432] kmsan_internal_check_memory+0x17e/0x1f0
[ 49.308524] kmsan_copy_to_user+0x73/0xb0
[ 49.312670] copy_from_read_buf+0x311/0x890
[ 49.317004] ? __msan_metadata_ptr_for_load_8+0x10/0x20
[ 49.322384] n_tty_read+0x178f/0x2f70
[ 49.326170] ? wait_woken+0x2e0/0x2e0
[ 49.329962] ? rcu_all_qs+0x32/0x1f0
[ 49.333659] ? _cond_resched+0x3c/0xd0
[ 49.337539] ? ldsem_down_read+0x95/0xad0
[ 49.341685] ? tty_ldisc_ref_wait+0x97/0xf0
[ 49.346012] ? n_tty_flush_buffer+0x430/0x430
[ 49.350501] tty_read+0x26e/0x6c0
[ 49.353964] ? release_one_tty+0x5f0/0x5f0
[ 49.358183] __vfs_read+0x1b2/0x9d0
[ 49.361804] vfs_read+0x36c/0x6b0
[ 49.365278] __x64_sys_read+0x1bf/0x3e0
[ 49.369262] ? ksys_read+0x360/0x360
[ 49.372968] do_syscall_64+0x15b/0x230
[ 49.376861] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 49.382056] RIP: 0033:0x446c59
[ 49.385239] RSP: 002b:00007f3fc6212d18 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 49.393032] RAX: ffffffffffffffda RBX: 00000000006f003c RCX: 0000000000446c59
[ 49.400580] RDX: 00000000ffffff5c RSI: 0000000020000080 RDI: 0000000000000004
[ 49.407846] RBP: 00000000006f0038 R08: 0000000000000000 R09: 0000000000000000
[ 49.415114] R10: 0000000000000000 R11: 0000000000000246 R12: 6d74702f7665642f
[ 49.422383] R13: 00000000007ffd9f R14: 00007f3fc62139c0 R15: 0000000000002710
[ 49.429655]
[ 49.431266] Uninit was created at:
[ 49.434796] kmsan_internal_alloc_meta_for_pages+0x146/0x700
[ 49.440593] kmsan_alloc_page+0x75/0xd0
[ 49.444561] __alloc_pages_nodemask+0xf7b/0x5cc0
[ 49.449299] alloc_pages_current+0x6b1/0x970
[ 49.453694] __vmalloc_node_range+0x8bf/0x1170
[ 49.458266] vmalloc+0xd8/0xf0
[ 49.461456] n_tty_open+0x4a/0x490
[ 49.464981] tty_ldisc_setup+0x375/0x670
[ 49.469036] tty_init_dev+0xb82/0x1020
[ 49.472934] ptmx_open+0x2bb/0x7c0
[ 49.476463] chrdev_open+0xc25/0xd90
[ 49.480158] do_dentry_open+0xccc/0x1440
[ 49.484202] vfs_open+0x1b6/0x2f0
[ 49.487661] path_openat+0x4771/0x6640
[ 49.491542] do_filp_open+0x261/0x640
[ 49.495332] do_sys_open+0x624/0x960
[ 49.499037] __x64_sys_openat+0x129/0x170
[ 49.503193] do_syscall_64+0x15b/0x230
[ 49.507082] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 49.512252]
[ 49.513859] Byte 4094 of 4095 is uninitialized
[ 49.518420] Memory access starts at ffffc900018d305e
[ 49.523501] ==================================================================
[ 49.530837] Disabling lock debugging due to kernel taint
[ 49.536268] Kernel panic - not syncing: panic_on_warn set ...
[ 49.536268]
[ 49.543620] CPU: 1 PID: 4785 Comm: syz-executor056 Tainted: G B 4.17.0+ #22
[ 49.552023] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 49.561388] Call Trace:
[ 49.563973] dump_stack+0x185/0x1d0
[ 49.567590] panic+0x3d0/0x9b0
[ 49.570780] kmsan_report+0x29e/0x2a0
[ 49.574574] kmsan_internal_check_memory+0x17e/0x1f0
[ 49.579767] kmsan_copy_to_user+0x73/0xb0
[ 49.583904] copy_from_read_buf+0x311/0x890
[ 49.588229] ? __msan_metadata_ptr_for_load_8+0x10/0x20
[ 49.593584] n_tty_read+0x178f/0x2f70
[ 49.597373] ? wait_woken+0x2e0/0x2e0
[ 49.601174] ? rcu_all_qs+0x32/0x1f0
[ 49.604877] ? _cond_resched+0x3c/0xd0
[ 49.608750] ? ldsem_down_read+0x95/0xad0
[ 49.612896] ? tty_ldisc_ref_wait+0x97/0xf0
[ 49.617222] ? n_tty_flush_buffer+0x430/0x430
[ 49.621715] tty_read+0x26e/0x6c0
[ 49.625159] ? release_one_tty+0x5f0/0x5f0
[ 49.629405] __vfs_read+0x1b2/0x9d0
[ 49.633046] vfs_read+0x36c/0x6b0
[ 49.636515] __x64_sys_read+0x1bf/0x3e0
[ 49.640479] ? ksys_read+0x360/0x360
[ 49.644189] do_syscall_64+0x15b/0x230
[ 49.648154] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 49.653329] RIP: 0033:0x446c59
[ 49.656504] RSP: 002b:00007f3fc6212d18 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 49.664206] RAX: ffffffffffffffda RBX: 00000000006f003c RCX: 0000000000446c59
[ 49.671490] RDX: 00000000ffffff5c RSI: 0000000020000080 RDI: 0000000000000004
[ 49.678763] RBP: 00000000006f0038 R08: 0000000000000000 R09: 0000000000000000
[ 49.686031] R10: 0000000000000000 R11: 0000000000000246 R12: 6d74702f7665642f
[ 49.693299] R13: 00000000007ffd9f R14: 00007f3fc62139c0 R15: 0000000000002710
[ 49.701082] Dumping ftrace buffer:
[ 49.704617] (ftrace buffer empty)
[ 49.708307] Kernel Offset: disabled
[ 49.711918] Rebooting in 86400 seconds..